[ISN] Mac browsers vulnerable to hackers

From: InfoSec News (isn@private)
Date: Tue May 18 2004 - 03:14:55 PDT

    http://www.macworld.co.uk/news/main_news.cfm?NewsID=8696
    
    By Macworld staff
    May 18, 2004
    
    Computer security firm Secunia is warning of a new security
    vulnerability affecting Mac Internet browsers Safari 1.x and Internet
    Explorer 5.x.
    
    The report claims the weakness: "Potentially allows malicious Web
    sites to compromise a vulnerable system".
    
    "The problem is that the "help" URI handler allows execution of
    arbitrary local scripts (.scpt) via the classic directory traversal
    character sequence using 'help:runscript'", the warning explains.
    
    This makes it possible for malicious computer users to place
    "arbitrary" files (including script files) in a known location on a
    user's system - but only if either browser has been set up to open
    safe files after they are downloaded. This is the default browser
    setting.
    
    Secunia recommends that users switch off the latter capability in
    Safari's preferences folder, that they do not go online as a
    "privileged user", and that they rename the help handler, though no
    instructions related to the latter are available.
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Tue May 18 2004 - 07:22:40 PDT